updated template
This commit is contained in:
Arne Teuke
@@ -37,65 +37,18 @@ connection_timeout=<%= @ne_connection_timeout %>
|
||||
|
||||
allow_weak_random_seed=<%= @ne_allow_weak_rnd_seed %>
|
||||
|
||||
ssl_version=<%= @ne_ssl_version %>
|
||||
ssl_use_adh=<%= @ne_ssl_use_adh %>
|
||||
ssl_cipher_list=<%= @ne_ssl_cipher_list %>
|
||||
|
||||
# SSL/TLS OPTIONS
|
||||
# These directives allow you to specify how to use SSL/TLS.
|
||||
#ssl_cacert_file=<%= @ne_ssl_cacert_file %>
|
||||
#ssl_cert_file=<%= @ne_ssl_cert_file %>
|
||||
#ssl_privatekey_file=<%= @ne_ssl_privatekey_file %>
|
||||
|
||||
# SSL VERSION
|
||||
# This can be any of: SSLv2 (only use SSLv2), SSLv2+ (use any version),
|
||||
# SSLv3 (only use SSLv3), SSLv3+ (use SSLv3 or above), TLSv1 (only use
|
||||
# TLSv1), TLSv1+ (use TLSv1 or above), TLSv1.1 (only use TLSv1.1),
|
||||
# TLSv1.1+ (use TLSv1.1 or above), TLSv1.2 (only use TLSv1.2),
|
||||
# TLSv1.2+ (use TLSv1.2 or above)
|
||||
# If an "or above" version is used, the best will be negotiated. So if both
|
||||
# ends are able to do TLSv1.2 and use specify SSLv2, you will get TLSv1.2.
|
||||
# If you are using openssl 1.1.0 or above, the SSLv2 options are not available.
|
||||
#ssl_client_certs=<%= @ne_ssl_client_certs %>
|
||||
#ssl_logging=<%= @ne_ssl_logging %>
|
||||
|
||||
#ssl_version=SSLv2+
|
||||
|
||||
# SSL USE ADH
|
||||
# This is for backward compatibility and is DEPRECATED. Set to 1 to enable
|
||||
# ADH or 2 to require ADH. 1 is currently the default but will be changed
|
||||
# in a later version.
|
||||
|
||||
#ssl_use_adh=1
|
||||
|
||||
# SSL CIPHER LIST
|
||||
# This lists which ciphers can be used. For backward compatibility, this
|
||||
# defaults to 'ssl_cipher_list=ALL:!MD5:@STRENGTH' in this version but
|
||||
# will be changed to something like the example below in a later version of NRPE.
|
||||
|
||||
#ssl_cipher_list=ALL:!MD5:@STRENGTH
|
||||
#ssl_cipher_list=ALL:!aNULL:!eNULL:!SSLv2:!LOW:!EXP:!RC4:!MD5:@STRENGTH
|
||||
|
||||
# SSL Certificate and Private Key Files
|
||||
|
||||
#ssl_cacert_file=/etc/ssl/servercerts/ca-cert.pem
|
||||
#ssl_cert_file=/etc/ssl/servercerts/nagios-cert.pem
|
||||
#ssl_privatekey_file=/etc/ssl/servercerts/nagios-key.pem
|
||||
|
||||
# SSL USE CLIENT CERTS
|
||||
# This options determines client certificate usage.
|
||||
# Values: 0 = Don't ask for or require client certificates (default)
|
||||
# 1 = Ask for client certificates
|
||||
# 2 = Require client certificates
|
||||
|
||||
#ssl_client_certs=0
|
||||
|
||||
# SSL LOGGING
|
||||
# This option determines which SSL messages are send to syslog. OR values
|
||||
# together to specify multiple options.
|
||||
|
||||
# Values: 0x00 (0) = No additional logging (default)
|
||||
# 0x01 (1) = Log startup SSL/TLS parameters
|
||||
# 0x02 (2) = Log remote IP address
|
||||
# 0x04 (4) = Log SSL/TLS version of connections
|
||||
# 0x08 (8) = Log which cipher is being used for the connection
|
||||
# 0x10 (16) = Log if client has a certificate
|
||||
# 0x20 (32) = Log details of client's certificate if it has one
|
||||
# -1 or 0xff or 0x2f = All of the above
|
||||
|
||||
#ssl_logging=0x00
|
||||
|
||||
|
||||
# NASTY METACHARACTERS
|
||||
|
||||
Reference in New Issue
Block a user